Recent news coverage of expanded allegations against Hewlett-Packard Company for violations of the Foreign Corrupt Practice Act (FCPA) serve as a reminder of the particular scrutiny the tech industry has faced under the FCPA. In the last decade, technology companies seem to have attracted a disproportionate amount of FCPA investigations and enforcement efforts. Understanding how the current FCPA enforcement environment affects tech-sector businesses can help those companies craft a strategy for managing the specific risks the industry faces.

1. The Justice Department and Securities and Exchange Commission continue to vigorously enforce the FCPA.

Enacted in 1977, the FCPA prohibits U.S. companies, foreign companies listed on a U.S. exchange and U.S citizens from bribing foreign officials to gain a competitive advantage. Paying or offering to pay a foreign official “anything of value” to obtain or retain business violates the FCPA. Prohibited conduct can include not only cash but also a wide range of imaginative incentives like discounts, gifts, entertainment, lavish travel, charitable contributions or promises of employment. Companies subject to the FCPA are responsible for their conduct as well as that of anyone acting on their behalf, including agents and representatives.

The FCPA remained mostly dormant until 2002, when passage of the Sarbanes-Oxley Act inspired the Justice Department to breathe life back into it as a method for fighting corporate wrongdoing. By 2010, enforcement actions jumped 85 percent from just the year before and, in that very same year, the Justice Department collected over one billion dollars in FCPA penalties and fines.

That enforcement effort continues today. In the first half of 2013, enforcement levels by the Justice Department and SEC remain at a robust level. The SEC has approximately 60 devoted prosecutors and enforcement attorneys, and their efforts receive additional support from the U.S. Attorneys' Office, as well as regional enforcement offices, across the country.

2. Technology companies remain a popular target for FCPA enforcement.

Technology companies have attracted considerable FCPA-enforcement attention. In January 2013, of the 90 then-currently known investigations, 16 were against technology companies—continuing a historic trend of heavy FCPA inquiry in the tech sector.

Some commentators believe that there is a “contagion effect” where the investigation of one company for FCPA violations can spread through an industry. Sometimes that kind of industry-wide focus occurs because the investigators learn that a problematic practice has been adopted by multiple companies in the same business sector or, as is the case alleged against Hewlett-Packard, that a company has implemented a prohibited practice in multiple geographic regions or countries at the same time. Other times companies under investigation name competitors guilty of similar conduct in order to mitigate their own situation.

Along with these factors, the tech sector’s fast business pace, frequent reliance on third-party agents to conduct foreign transactions and reliance on government as a significant customer segment may explain the industry’s seemingly over-representation in the FCPA landscape.

Technology, in particular, has seen product discounting for foreign government officials cross into legal gray areas. In addition, tech as an industry relies heavily on resellers, distributors, sales representatives, agents, and consultants for overseas sales, creating additional FCPA compliance challenges. Historical review reveals that these relationships are often the ones that give rise to tech company FCPA problems—both for enforcement activity and self-reported potential violations.

What constitutes adequate FCPA compliance for these kinds of third-party entities remains difficult to define succinctly. In late 2012, the U.S. Department of Justice and the Securities and Exchange Commission issued A Resource Guide to the U.S. Foreign Corrupt Practices Act (the Guide) to help companies understand their FCPA compliance responsibilities. The Guide includes examples of common red flags that indicate a “willful blindness” regarding the conduct of third parties:

Excessive commissions to third-party agents or consultants

Unreasonably large discounts to third-party distributors

Third-party “consulting agreements” that include only vaguely described services

A third-party consultant is in a different line of business than that for which it has been engaged

A third party is related to or closely associated with a foreign official

A third party becomes part of a transaction at the express request or insistence of a foreign official

A third party is merely a shell company incorporated in an offshore jurisdiction

A third party requests payment to off-shore bank accounts

The Guide also says that an effective compliance plan that includes due diligence on third-party agents can help reduce FCPA risk. No guidance is provided, however, on due diligence for customers and suppliers, who are also frequently part of the tech food chain.

4. Tech sector businesses should use government guidelines to manage compliance.

Despite some of the frustrations regarding what the Guide doesn’t say, tech sector companies should still turn to its guidance regarding compliance to manage FCPA risk.

While recognizing that each company’s needs should dictate specifics, the Guide identifies the following as hallmarks of an adequate compliance program:

Commitment from senior management and a clearly articulated policy against corruption

A current and effective code of conduct and compliance policy

Oversight by a member of senior management with sufficient autonomy and resources to be effective

Risk assessment and internal audit procedures

Continuing advice and regular training for both new and current employees and third parties

Enforced disciplinary measures for employees who violate the policy and incentives for employees who follow it

Comprehensive, risk-based due diligence on third parties and transactions

Mechanisms for employees to confidentially report potential infractions and for an efficient, thorough internal investigation

Updating the compliance policy through periodic testing and review

Pre-acquisition due diligence and post-acquisition integration for mergers and acquisitions

5. An FCPA violation may trigger claims from shareholders, competitors and others.

Tech companies dealing with the reality that one of their agents may have engaged in conduct prohibited by the FCPA are not the only ones who may need advice and representation from experienced FCPA counsel. While there is no private cause of action under the FCPA, competitors, shareholders or other victims of foreign corrupt practices may also have claims. For example, a competitor, faced with competitive harm resulting from the foreign corrupt practices of another, may rely on various state and federal laws precluding unfair competition to remedy its losses. Courts have also recognized that an FCPA violation may form the basis for a breach of fiduciary duty claim against officers of the company by its investors. Accordingly, tech companies must be mindful of the litany of claims and resulting legal morass which may result if they are not diligent in their efforts to avoid FCPA violations.